Adding variable for managing firewall ports
This commit is contained in:
parent
c5283b1487
commit
d038403979
GPG key ID:
3F9270F8F70AC13D
3 changed files with 24 additions and 26 deletions
27
README.md
27
README.md
|
|
@ -4,19 +4,20 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
| Variable | Required | Default | Choices | Description |
|
| Variable | Required | Default | Choices | Description |
|
||||||
| --------------------------------- | -------- | ---------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
| --------------------------------- | -------- | --------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||||
| haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP |
|
| haproxy_bind_adapter | Yes | eth0 | | Interface to use for the Shared IP |
|
||||||
| haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file |
|
| haproxy_config_file | Yes | example.haproxy.cfg.j2 | | File name to use for the haproxy config file |
|
||||||
| haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication |
|
| haproxy_keepalived_adapter | Yes | eth0 | | Interface to use for the keepalived communication |
|
||||||
| haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
|
| haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
|
||||||
| haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
|
| haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
|
||||||
| haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
|
| haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
|
||||||
| haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
|
| haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
|
||||||
| haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
|
| haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
|
||||||
| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
|
| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
|
||||||
| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
|
| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
|
||||||
| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
|
| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
|
||||||
|
| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,15 @@ haproxy_shared_ip: ""
|
||||||
haproxy_shared_ip_subnet: "/24"
|
haproxy_shared_ip_subnet: "/24"
|
||||||
haproxy_shared_virtual_router_id: 25
|
haproxy_shared_virtual_router_id: 25
|
||||||
haproxy_keepalived_process_weight: 10
|
haproxy_keepalived_process_weight: 10
|
||||||
|
haproxy_listen_ports:
|
||||||
|
- port : 22
|
||||||
|
protocol: tcp
|
||||||
|
- port : 80
|
||||||
|
protocol: tcp
|
||||||
|
- port : 443
|
||||||
|
protocol: tcp
|
||||||
|
- port : 9999
|
||||||
|
protocol: tcp
|
||||||
|
|
||||||
# Set per host
|
# Set per host
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -110,19 +110,7 @@
|
||||||
permanent: yes
|
permanent: yes
|
||||||
immediate: yes
|
immediate: yes
|
||||||
state: enabled
|
state: enabled
|
||||||
with_items:
|
loop: "{{ haproxy_listen_ports }}"
|
||||||
- {port: "22", protocol: "tcp"}
|
|
||||||
- {port: "80", protocol: "tcp"}
|
|
||||||
- {port: "443", protocol: "tcp"}
|
|
||||||
notify: reload firewalld
|
|
||||||
become: yes
|
|
||||||
|
|
||||||
- name: Enable firewall ports for haproxy stats
|
|
||||||
firewalld:
|
|
||||||
port: "9999/tcp"
|
|
||||||
permanent: yes
|
|
||||||
immediate: yes
|
|
||||||
state: enabled
|
|
||||||
notify: reload firewalld
|
notify: reload firewalld
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue